From: Robin Murphy <robin.murphy@arm.com>
To: Douglas Anderson <dianders@chromium.org>,
gregkh@linuxfoundation.org, rafael@kernel.org,
rafael.j.wysocki@intel.com, will@kernel.org, joro@8bytes.org,
bjorn.andersson@linaro.org, ulf.hansson@linaro.org,
adrian.hunter@intel.com, bhelgaas@google.com
Cc: robdclark@chromium.org, linux-arm-msm@vger.kernel.org,
linux-pci@vger.kernel.org, quic_c_gdjako@quicinc.com,
iommu@lists.linux-foundation.org, sonnyrao@chromium.org,
saiprakash.ranjan@codeaurora.org, linux-mmc@vger.kernel.org,
vbadigan@codeaurora.org, rajatja@google.com,
saravanak@google.com, joel@joelfernandes.org,
Andy Gross <agross@kernel.org>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
Dan Williams <dan.j.williams@intel.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Heikki Krogerus <heikki.krogerus@linux.intel.com>,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/6] iommu: Enable devices to request non-strict DMA, starting with QCom SD/MMC
Date: Tue, 22 Jun 2021 12:35:29 +0100
Message-ID: <067dd86d-da7f-ac83-6ce6-b8fd5aba0b6f@arm.com>
In-Reply-To: <20210621235248.2521620-1-dianders@chromium.org>

Hi Doug,

On 2021-06-22 00:52, Douglas Anderson wrote:
>
> This patch attempts to put forward a proposal for enabling non-strict
> DMA on a device-by-device basis. The patch series requests non-strict
> DMA for the Qualcomm SDHCI controller as a first device to enable,
> getting a nice bump in performance with what's believed to be a very
> small drop in security / safety (see the patch for the full argument).
>
> As part of this patch series I end up slightly cleaning up some of
> the interactions between the PCI subsystem and the IOMMU subsystem but
> I don't go all the way to fully remove all the tentacles. Specifically
> this patch series only concerns itself with a single aspect: strict
> vs. non-strict mode for the IOMMU. I'm hoping that this will be easier
> to talk about / reason about for more subsystems compared to overall
> deciding what it means for a device to be "external" or "untrusted".
>
> If something like this patch series ends up being landable, it will
> undoubtedly need coordination between many maintainers to land. I
> believe it's fully bisectable but later patches in the series
> definitely depend on earlier ones. Sorry for the long CC list. :(

Unfortunately, this doesn't work. In normal operation, the default
domains should be established long before individual drivers are even
loaded (if they are modules), let alone anywhere near probing. The fact
that iommu_probe_device() sometimes gets called far too late off the
back of driver probe is an unfortunate artefact of the original
probe-deferral scheme, and causes other problems like potentially
malformed groups - I've been forming a plan to fix that for a while now,
so I for one really can't condone anything trying to rely on it.

Non-deterministic behaviour based on driver probe order for multi-device
groups is part of the existing problem, and your proposal seems equally
vulnerable to that too.

FWIW we already have a go-faster knob for people who want to tweak the
security/performance compromise for specific devices, namely the sysfs
interface for changing a group's domain type before binding the relevant
driver(s). Is that something you could use in your application, say from
an initramfs script?

Thanks,
Robin.

> Douglas Anderson (6):
>   drivers: base: Add the concept of "pre_probe" to drivers
>   drivers: base: Add bits to struct device to control iommu strictness
>   PCI: Indicate that we want to force strict DMA for untrusted devices
>   iommu: Combine device strictness requests with the global default
>   iommu: Stop reaching into PCIe devices to decide strict vs. non-strict
>   mmc: sdhci-msm: Request non-strict IOMMU mode
>
>  drivers/base/dd.c             | 10 +++++--
>  drivers/iommu/dma-iommu.c     |  2 +-
>  drivers/iommu/iommu.c         | 56 +++++++++++++++++++++++++++--------
>  drivers/mmc/host/sdhci-msm.c  |  8 +++++
>  drivers/pci/probe.c           |  4 ++-
>  include/linux/device.h        | 11 +++++++
>  include/linux/device/driver.h |  9 ++++++
>  include/linux/iommu.h         |  2 ++
>  8 files changed, 85 insertions(+), 17 deletions(-)
>
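
The sysfs route described in the reply above, as an added example (not part of the original message or of the kernel tree): a shell function an initramfs script could call to change one IOMMU group's default domain type before any driver binds, refusing multi-device groups and already-bound devices. The `/sys/kernel/iommu_groups/<id>/type` file is the kernel's documented ABI and the values it accepts depend on the kernel version (`DMA-FQ` post-dates this thread); the `SYSFS` override, the function name and the device path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set an IOMMU group's default domain type before drivers bind.
# SYSFS is overridable (assumption) so the logic can run against a constructed tree.
SYSFS="${SYSFS:-/sys}"

# set_group_domain_type <device path relative to $SYSFS> <domain type>
# e.g. set_group_domain_type devices/platform/<your-device> identity
set_group_domain_type() {
    dev="$SYSFS/$1"
    want="$2"

    # Values from the sysfs ABI; older kernels accept only a subset.
    case "$want" in
        DMA|DMA-FQ|identity|auto) ;;
        *) echo "unsupported domain type: $want" >&2; return 2 ;;
    esac

    # A device behind an IOMMU carries an iommu_group symlink to its group.
    [ -e "$dev/iommu_group" ] || { echo "$1: no iommu_group" >&2; return 3; }
    group="$(cd "$dev/iommu_group" && pwd -P)"

    # The domain type applies to the whole group, so inspect every member.
    count=0
    for member in "$group"/devices/*; do
        [ -e "$member" ] || continue
        count=$((count + 1))
        # The type can only change while no driver is bound.
        if [ -e "$member/driver" ]; then
            echo "$(basename "$member"): driver already bound" >&2
            return 4
        fi
    done

    # Relaxing one device must not silently relax its group neighbours.
    [ "$count" -eq 1 ] || { echo "group has $count devices, refusing" >&2; return 5; }

    # Nothing to do if the group already has the requested type.
    [ "$(cat "$group/type")" = "$want" ] && return 0
    echo "$want" > "$group/type"
}
```

The single-device check is deliberately conservative: it keeps the weaker setting scoped to the one device whose trade-off was actually evaluated.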